Today we start looking at networking, and in particular focus on DNS, the domain name system that maps hostnames to network IP addresses.
Wireshark (formerly known as Ethereal) is a popular cross-platform packet sniffer --- it can record the packets that your network adapter sees on the network. Under normal circumstances, your adapter sees only the traffic that is sent to or from your computer. When you use a shared medium (such as a wireless network or a hub instead of a switch) you'll also be able to see packets belonging to other computers.
Packet sniffers such as wireshark and tcpdump are valuable tools to understand exactly what traffic is flowing on a link, and to debug network applications. However, in a non-switched environment it can enable you to see other people's traffic, and even in a switched environment you will be able to see other people's traffic if they are logged into the same machine. As a result, use of such tools should be determined carefully, and with respect to any AUP.
Use wireshark to monitor your computer's traffic on the network. Since you likely don't have wireshark installed in /usr/sbin/wireshark, you'll need to install it first. Run yum install wireshark wireshark-gnome to install the main wireshark package and a gnome-based front-end (say yes to install the packages requested and any dependencies).
Run wireshark. Note that this program requires root access (and so will ask you for the root password when started from a regular account). Capture->Options brings up a dialog box with options for what traffic to capture. For now, choose the Pseudo-device that captures on all interfaces and use the defaults for everything else. When you click Start, it will start capturing traffic, and show the count of the number of ethernet frames captured of varying types. Stop after you've captured a few hundred and take a look at the kinds of traffic. If you aren't seeing any traffic, open a browser and start accessing some Web sites.
Use wireshark to capture just DNS packets (which are UDP packets on port 53). To do that, put "port 53" into the filter box (when starting a new capture) without the quotes. Now visit a new site, such as http://www.cs.vu.nl/ and capture a few dozen DNS requests and responses. You'll likely see a number of AAAA queries. What are they?
Although bind should be installed (type rpm -q bind to see what version is installed if any), we also need to install a caching nameserver configuration for it that we can modify further. Type yum install caching-nameserver. Among other things, this installs /etc/named.caching-nameserver.conf which is enough to get going. Use the RH/Fedora tool to configure which services are running. Menu item System->Administration->Server Settings->Services is how to start it (or system-config-services from the shell). This tool manages the set of /etc/rc.d/ scripts for you for the current run-level. Make named start at boot, and start it now (button at top) and save changes.
OK, now named is running. Use dig to get SOA records for cse.lehigh.edu, specifying localhost as the resolver. This request goes through the server you just started, and you can tell even now that the server is a caching server.
Now we will add our own domain as an authoritative zone that this nameserver will manage for us. You should make up any (non-existent) domain name you like (e.g., lehighrules.edu) and then a few hostnames to go within that domain (e.g., www.lehighrules.edu). You'll be creating a zone file that maps those hostnames to IP addresses, and another zone file to map your local IP address to one of those names. You might want to reference a sample domain zone file, supplied as part of an online book about DNS.
For system security, named is run within a chroot environment. All files for named are found within the /var/named/chroot/ directory. The zone files for named are thus located in /var/named/chroot/var/named/. You should see a number of files there, including one for forward lookups of localhost (localhost.zone), one for all root servers (named.ca), etc. We need to add two more files: one for the forward lookups of our new domain, and one for the reverse lookup of our IP address into that new domain.
Using the localhost.zone as an example, create a new file, perhaps called mynet.zone. Edit that file. When complete, your revised file should have (at least) three entries -- two A records, one pointing to your current IP address, and one pointing to 127.0.0.1; the third entry should be a CNAME for thing.eecs.lehigh.edu. Remember that whenever you make a change to a zone file, you need to increase the serial number -- which is 42 in the default localhost.zone file.
However, there is more to be done before you can test it. You'll need to create an /etc/named.conf to include entries for your new file(s). In addition, in order for the changes to be used by the name server, you'll need to make it re-read the files. I suggest restarting it using the named script in init.d (as you would restart any other service). You'll also want (at some point) to create the reverse zone file for your IP address.
Once you have made all the changes (and updated the serial numbers), restart named and then use dig (or nslookup or host) to verify that you can resolve the new names correctly. If named has a problem with the files you have created, where do you think it'll send warnings and errors? In order for applications to start using the nameserver, though, you'll need to change /etc/resolv.conf -- put the IP address for localhost as the first nameserver (the system will only use the first, as long as it is a working nameserver).
You should now be able to use a web browser (you might need to restart it) and visit the hostname you created for thing. To verify that everything works, also use dig to see the results of reverse name resolution. To really see everything in action, use wireshark on the lo interface to see the requests that your applications use, and the responses generated by your local nameserver, and the external interface to see the requests made by your nameserver to the rest of the world.
Use any remaining time in lab to finish project #1.
In order to sign the lab completion sheet, you will need to: